When one side of an SSL/TLS communication wants to inform the peer about a
special situation, it sends an alert. The alert is sent as a special
message and does not influence the normal data stream (unless its contents
results in the communication being canceled).

A warning alert is sent, when a non-fatal error condition occurs. The
``close notify'' alert is sent as a warning alert. Other examples for
non-fatal errors are certificate errors (``certificate expired'',
``unsupported certificate''), for which a warning alert may be sent. (The
sending party may however decide to send a fatal error.) The receiving side
may cancel the connection on reception of a warning alert on it discretion.

Several alert messages must be sent as fatal alert messages as specified by
the TLS RFC. A fatal alert always leads to a connection abort.

A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not be
located or couldn't be matched with a known, trusted CA. This message is
always fatal.

A negotiation not in compliance with export restrictions was detected; for
example, attempting to transfer a 1024 bit ephemeral RSA key for the
RSA_EXPORT handshake method. This message is always fatal.

This handshake is being canceled for some reason unrelated to a protocol
failure. If the user cancels an operation after the handshake is complete,
just closing the connection by sending a close_notify is more appropriate.
This alert should be followed by a close_notify. This message is generally
a warning.

Sent by the client in response to a hello request or by the server in
response to a client hello after initial handshaking. Either of these would
normally lead to renegotiation; when that is not appropriate, the recipient
should respond with this alert; at that point, the original requester can
decide whether to proceed with the connection. One case where this would be
appropriate would be where a server has spawned a process to satisfy a
request; the process might receive security parameters (key length,
authentication, etc.) at startup and it might be difficult to communicate
changes to these parameters after that point. This message is always a
warning.